The compliance opportunity

Welcome to Day 16 of Business Self-Defense from Microsoft Canada. If you’re considering or committed to achieving regulatory compliance, including GDPR, today’s post is for you! In it, we provide small and medium-sized businesses with a primer on the benefits of regulatory compliance and the solutions that Microsoft enables.

How secure is the data you create and collect? AIIM found that 45% of companies lack data governance, leaving them exposed to both security and litigation risk.

Compliance. Anyone who works in a highly complex regulatory environment—like finance, retail, healthcare, manufacturing, you name it—can tell you about how tough the rules can get. And rightfully so. While never perfect, government regulations help protect consumers, manage systemic risk, and identify criminal behavior.

Business benefits

But how does it benefit businesses? After all, research tells us that 55 percent of small business owners feel red tape holds back the growth of their business. Frustration with inefficient bureaucracy and excessive paperwork makes sense, but let's not throw the compliance baby out with the bathwater. Companies that achieve a compliant position stand to realize a ton of benefits, and to avoid major problems.

An organization doesn’t have to operate in Europe to be subject to GDPR. The rules apply to any-sized company, agency, or non-profit, no matter where they’re located, including Canada.

GDPR compliance

Consider the European Union's General Data Protection Regulation (GDPR), which took effect on May 25, 2018. Any company, government agency, non-profit or other organization that offers goods or services to people in the EU, or monitors their behaviour, must comply with these rules from anywhere in the world. They are designed to protect privacy and give people more control over their personal data.

Sure, GDPR compliance demands some changes, for all the right reasons. It requires that businesses do everything from publishing a clear privacy policy and establishing a lawful basis (such as consent) before using personal data, to honouring the now-famous "right to be forgotten" (the right to erasure). In a way, GDPR rules represent the codification of privacy best practices.

Practically speaking, implementing GDPR means tightening up your operations to deliver a more secure and customer-centric experience, which means you benefit as much as your customers.

The good news

While achieving compliance once required large investments in infrastructure, resources, and processes, organizations can now leverage compliant cloud-based products and services. In fact, they can have a fully managed solution provider run all their IT (data, applications, networks, and devices) in the cloud while staying compliant. One caveat: a provider's certifications cover the provider's own controls. How you configure your tenant, who you grant access to, and what data you put where remain your responsibility, so ask the provider for its audit reports and map its controls against your own obligations rather than assuming the label "compliant" transfers to you automatically.

Buyer beware! Not all SaaS apps are compliant. Per the 2018 Microsoft Security Intelligence Report, 79 percent of storage apps and 86 percent of collaboration apps do not encrypt data both at rest and in transit.

The best cloud for compliance

With more certifications than any other cloud provider, Microsoft leads the industry in establishing and meeting clear security and privacy requirements. Azure meets a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2, as well as country-specific standards, and provides contractual commitments and tooling to support customers' GDPR obligations. Rigorous third-party audits, such as those done by the British Standards Institution (BSI), verify Azure's adherence to the strict security controls these standards mandate. Those attestations cover the Azure platform itself; the workloads you build on it still need to be configured and assessed against the same controls.